CVE-2011-0766
NONE EPSS 85.9%
Published May 31, 2011 15y ago
Last Modified Jun 16, 2026 2w ago
Description
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
Threat Intelligence
EPSS Exploit Probability
85.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-310
Affected Products 12
| Vendor | Product | Version | Range |
|---|---|---|---|
| erlang | crypto | * | ≤2.0.2.1 |
| erlang | erlang/otp | r11b-5 | any |
| erlang | erlang/otp | r12b-5 | any |
| erlang | erlang/otp | r13b | any |
| erlang | erlang/otp | r13b02-1 | any |
| erlang | erlang/otp | r13b03 | any |
| erlang | erlang/otp | r13b04 | any |
| erlang | erlang/otp | r14a | any |
| erlang | erlang/otp | r14b | any |
| erlang | erlang/otp | r14b01 | any |
| erlang | erlang/otp | r14b02 | any |
| ssh | ssh | * | ≤2.0.4 |
References 4
- secunia.com http://secunia.com/advisories/44709
- kb.cert.org http://www.kb.cert.org/vuls/id/178990
- securityfocus.com http://www.securityfocus.com/bid/47980
- github.com https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5
Remediation
- kb.cert.org http://www.kb.cert.org/vuls/id/178990
- github.com https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5